Do you receive ANY website traffic from Europe?

If so, you MUST comply with the General Data Protection Regulation

[Image: Google Analytics photo showing traffic from countries impacted by GDPR]

Effective May 25th, 2018, any website that receives traffic from the European Union (EU) has to comply with GDPR to avoid the risk of large fines ($23,0000+). US companies are not exempt from Europe’s data privacy rules! It is important that all businesses assess the value of their European traffic and determine how best to satisfy the requirement. This is generally achieved through a few strategies: satisfying GDPR requirements as best as reasonably possible and/or restricting website traffic from this region.

The General Data Protection Regulation outlines 8 specific rights of European citizens that companies are expected to abide by with their website or digital advertising campaign.

GDPR Bill of Rights

The 8 rights of European citizens

  1. Right to be informed – all organizations must be completely transparent in how they are using personal data.
  2. Right of access – individuals will have the right to know exactly what information is held about them and how it is processed.
  3. Right of rectification – individuals will be entitled to have personal data rectified if it is inaccurate or incomplete.
  4. Right to erasure – individuals are entitled to have their personal data deleted or removed without the need for a specific reason.
  5. Right to restrict processing – individuals are entitled to block or suppress processing of their personal data.
  6. Right to data portability – individuals are entitled to retain and reuse their personal data for their own purpose.
  7. Right to object – individuals are entitled to object to their personal data being used.
  8. Rights of automated decision making and profiling – the GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention.

The GDPR contains nearly 100 separate and nuanced articles that can be difficult to understand even if you are a data privacy expert. Because of this, although Inverse Paradox provides solutions to support clients in adhering to GDPR, it is advisable to consult an attorney when assessing risk and auditing compliance.

What We Offer

How Inverse Paradox helps clients adhere to GDPR

  • WordPress & WooCommerce – There are several plugins that, when installed, help WordPress-powered websites, including WooCommerce & common form plugins (Contact Form 7 & Gravity Forms), easily adhere to GDPR.

  • Magento – Magento 2 is GDPR-ready. This combined with a few 3rd party extensions and the right policies and opt-ins can help Magento reach proper compliance. For Magento 1, Inverse Paradox advises clients to consider investment in an upgrade to Magento 2 or migration to another eCommerce platform.

  • Policies – Inverse Paradox provides GDPR-ready boilerplates for Privacy Policy, Terms & Conditions and a Cookies Policy along with necessary consulting & customization to make sure the website clearly communicates how a user’s data is used.

  • Cookie Consent Toolbar – You may have already experienced a notification toolbar on many websites throughout the web that requires a user to agree to the Cookies Policy by using the site. IP provides an easy, turn-key solution for adding this to any site.

  • Form Audits & Updates – Forms are one of the most critical ways data is collected from users. Making sure those forms clearly communicate how data is collected and appropriately communicate opt-in to any other marketing programs is essential.

  • GDPR-Compliant Vendors – Inverse Paradox has a long list of partners that clients use for their various digital marketing efforts, and ultimately these vendors collect data. These vendors are all adhering to GDPR themselves, and their own practices need to be accounted for in your website's policies and practices.

  • Minimizing Data Collection – This may seem like the common-sense approach, but seldom do clients audit just how much data they're collecting to determine what is actually necessary. Not to mention, many off-the-shelf plugins, extensions, or 3rd party vendors collect more than what’s needed. Minimizing unnecessary collection goes a long way to minimizing risk.

  • Geographic Restriction – If your European traffic serves no benefit to your business, one way to easily reach GDPR compliance is to block traffic from the EU. This could be in combination with the other strategies. Note that this strategy will most definitely be a short-lived measure. It is foreseeable that data privacy will become increasingly relevant at a global scale.

This is just a high-level summary of the key strategies Inverse Paradox uses to help clients reach their compliance requirements. Helping a client reach compliance requires a varied scope of consulting to understand exactly how a company uses its data and to develop a proper implementation strategy. And to make this matter increasingly complicated, due to the ambiguous nature of some of the regulations described, companies throughout the world are still defining best practices and advancing technology to support this relatively new policy.

Ready to become GDPR compliant?

Contact us and Inverse Paradox will schedule a time to review your exact needs with you.